Authentication Header (AH)
Protocol Overview
Authentication Header (AH) provides authentication, integrity, and anti-replay protection for IP packets. It does not provide confidentiality (encryption).
AH Protocol Characteristics
- Protocol Number: 51
- RFC Standard: RFC 4302
- Security Services: Authentication, Integrity, Anti-replay
- Does NOT provide: Confidentiality (encryption)
AH Header Format
| Field | Size | Description |
|---|---|---|
| Next Header | 8 bits | Identifies the protocol following AH |
| Payload Length | 8 bits | Length of AH header in 32-bit words minus 2 |
| Reserved | 16 bits | Reserved for future use (set to zero) |
| SPI | 32 bits | Security Parameter Index |
| Sequence Number | 32 bits | Anti-replay sequence number |
| Authentication Data | Variable | Integrity Check Value (ICV) |
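The field layout in the table above can be parsed and sanity-checked as follows. This is an added example, not code from the original page; the names `AHHeader`, `parse_ah` and `findings` are hypothetical, and the sample bytes are constructed.

```python
import struct
from dataclasses import dataclass

AH_FIXED_LEN = 12  # Next Header + Payload Length + Reserved + SPI + Sequence Number


@dataclass
class AHHeader:
    next_header: int
    payload_len: int   # raw field value: 32-bit words minus 2
    reserved: int
    spi: int
    sequence: int
    icv: bytes         # Authentication Data

    @property
    def total_len(self) -> int:
        """Full AH header length in bytes, derived from Payload Length."""
        return (self.payload_len + 2) * 4


def parse_ah(data: bytes) -> AHHeader:
    """Parse an AH header from the start of `data`; raise ValueError if malformed."""
    if len(data) < AH_FIXED_LEN:
        raise ValueError("buffer shorter than the fixed AH fields")
    next_header, payload_len, reserved, spi, sequence = struct.unpack(
        "!BBHII", data[:AH_FIXED_LEN])
    total = (payload_len + 2) * 4
    if total < AH_FIXED_LEN:
        raise ValueError("Payload Length too small to cover the fixed fields")
    if total > len(data):
        raise ValueError("Payload Length points past the end of the buffer")
    return AHHeader(next_header, payload_len, reserved, spi, sequence,
                    data[AH_FIXED_LEN:total])


def findings(hdr: AHHeader) -> list:
    """Return non-fatal observations worth logging for a parsed header."""
    notes = []
    if hdr.reserved != 0:
        notes.append("Reserved field is non-zero")
    if not hdr.icv:
        notes.append("no Authentication Data present")
    return notes


# Constructed sample: Next Header 6 (TCP), 12-byte ICV, so Payload Length = 24/4 - 2 = 4.
SAMPLE = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + bytes(range(12)) + b"upper-layer data"
```

The parser only checks structure; verifying the ICV requires the key and algorithm negotiated for the security association identified by the SPI.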
Encapsulating Security Payload (ESP)
Comprehensive Protection
ESP provides all IPsec security services: confidentiality, authentication, integrity, and anti-replay protection.
ESP Protocol Characteristics
- Protocol Number: 50
- RFC Standard: RFC 4303
- Security Services: Confidentiality, Authentication, Integrity, Anti-replay
- Preferred Choice: Most commonly used IPsec protocol
ESP vs AH Comparison
| Feature | AH | ESP |
|---|---|---|
| Confidentiality | No | Yes |
| Authentication | Yes | Yes |
| Integrity | Yes | Yes |
| Anti-replay | Yes | Yes |
| NAT Compatibility | Poor | Good |